Hi all,

as you all well know, SEC has had very limited support for rule branching. Rules can be (de)activated with contexts, but true rule branches can't be set up (for example, in the way you can define iptables chains). I have given it some thought and there are at least some ways of doing this.

There could be a special command line flag (e.g., -conf2) which loads a rule file, but doesn't use it for matching input lines by default. Instead, a user could employ the 'jump' action to tell SEC to use a specific rule file only.

Another way to enable branching would be to have 'load' and 'drop' actions for loading configuration from additional rule files at run time, and then let the user employ 'jump' for narrowing the matching process to the given files only.

Instead of files, I've been thinking of using textual tags, e.g., 'load linux /etc/sec/linux/*.rules', 'jump linux', etc. (or -conf2=/etc/sec/linux/*.rules=linux which is somewhat similar to specifying input file contexts for SEC).

What do you think?

br,
risto
_______________________________________________
Simple-evcorr-users mailing list
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
